<?php
require_once("../globals.php");
require_once("../../library/acl.inc");
require_once("$srcdir/md5php.js");
require_once("$srcdir/sql.inc");
require_once("$srcdir/formdata.inc.php");
require_once("$srcdir/options.inc.php");
require_once(dirname(__FILE__) . "/../../library/classes/WSProvider.class.php");
require_once("$srcdir/erx_javascript.inc.php");

$alertmsg = '';


$query = " SELECT * FROM list_options WHERE list_id = 'especialidades' ";
$res = sqlStatement($query);
$select_specialty = "<select name='spaciality' id='spaciality'>";
while ($row = sqlFetchArray($res)) {
    $select_specialty .= "<option value='" . $row['seq'] . "' >" . $row['title'] . "</option>";
}
$select_specialty .= "</select>";
?>
<html>
    <head>

        <link rel="stylesheet" href="<?php echo $css_header; ?>" type="text/css">
        <link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['webroot'] ?>/interface/themes/jquery.fancybox.css?v=2.1.5" media="screen"/>
        <!--<script type="text/javascript" src="../../library/js/jquery.1.3.2.js"></script>-->
        <script type="text/javascript" src="<?php echo $GLOBALS['webroot']; ?>/library/js/jquery-1.10.0.min.js"></script>        
        <script type="text/javascript" src="<?php echo $GLOBALS['webroot']; ?>/library/js/jquery-ui-1.10.3.custom.min2.js"></script>
        <script type="text/javascript" src="<?php echo $GLOBALS['webroot']; ?>/library/js/jquery.fancybox.pack.js"></script>
        <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/dialog.js"></script>
        <script type="text/javascript" src="<?php echo $GLOBALS['webroot'] ?>/library/js/common.js"></script>
        <script src="checkpwd_validation.js" type="text/javascript"></script>

        <script language="JavaScript">
            function trimAll(sString)
            {
                while (sString.substring(0, 1) == ' ')
                {
                    sString = sString.substring(1, sString.length);
                }
                while (sString.substring(sString.length - 1, sString.length) == ' ')
                {
                    sString = sString.substring(0, sString.length - 1);
                }
                return sString;
            }

            function close() {
                parent.$.fancybox.close();
            }

            function submitform() {

                if ($("#rumple").val().length > 0 && $("#stiltskin").val().length > 0 && $("#fname").val().length > 0 && $("#lname").val().length > 0 && $("#spaciality").val() != 0) {
                    //alert( $("#new_userf").serialize() );


                    if ($("#secure_pwd").val() == 1) {
                        var password = trim($("#stiltskin").val());
                        if (password != "") {
                            var pwdresult = passwordvalidate(password);
                            if (pwdresult == 0) {
                                alert("<?php echo xl('The password must be at least eight characters, and should');
echo '\n';
echo xl('contain at least three of the four following items:');
echo '\n';
echo xl('A number');
echo '\n';
echo xl('A lowercase letter');
echo '\n';
echo xl('An uppercase letter');
echo '\n';
echo xl('A special character');
echo '(';
echo xl('not a letter or number');
echo ').';
echo '\n';
echo xl('For example:');
echo ' healthCare@09'; ?>");
                                return false;
                            }
                        }
                    } //secure_pwd if ends here*/
                    //alert(SHA1($("#stiltskin").val()));
                    $("#newauthPass").val(md5php($("#stiltskin").val()));
                    $("#stiltskin").val('');

                    $("#rumple2").val($("#rumple").val());

                    $.post("usergroup_admin.php?" + $("#new_userf").serialize(), function(data) {
                        //alert(data);
                        close();
                    });


                } else {
                    alert('Los campos marcados con un * son requeridos para terminar la solicitud');
                }

                /*if (document.forms[0].rumple.value.length>0 && document.forms[0].stiltskin.value.length>0 && document.getElementById('fname').value.length >0 && document.getElementById('lname').value.length >0) {
                 top.restoreSession();
         
                 //Checking if secure password is enabled or disabled.
                 //If it is enabled and entered password is a weak password, alert the user to enter strong password.
                 if(document.new_userf.secure_pwd.value == 1){
                 var password = trim(document.new_userf.stiltskin.value);
                 if(password != "") {
                 var pwdresult = passwordvalidate(password);
                 if(pwdresult == 0){
                 alert("<?php echo xl('The password must be at least eight characters, and should');
echo '\n';
echo xl('contain at least three of the four following items:');
echo '\n';
echo xl('A number');
echo '\n';
echo xl('A lowercase letter');
echo '\n';
echo xl('An uppercase letter');
echo '\n';
echo xl('A special character');
echo '(';
echo xl('not a letter or number');
echo ').';
echo '\n';
echo xl('For example:');
echo ' healthCare@09'; ?>");
                 return false;
                 }
                 }
                 } //secure_pwd if ends here
                 // ViCareplus : As per NIST standard, SHA1 encryption algorithm is used		
                 document.forms[0].newauthPass.value=SHA1(document.forms[0].stiltskin.value);
                 document.forms[0].stiltskin.value='';
<?php if ($GLOBALS['erx_enable']) { ?>
                     alertMsg='';
                     f=document.forms[0];
                     for(i=0;i<f.length;i++){
                     if(f[i].type=='text' && f[i].value)
                     {
                     if(f[i].name == 'rumple')
                     {
                     alertMsg += checkLength(f[i].name,f[i].value,35);
                     alertMsg += checkUsername(f[i].name,f[i].value);
                     }
                     else if(f[i].name == 'fname' || f[i].name == 'mname' || f[i].name == 'lname')
                     {
                     alertMsg += checkLength(f[i].name,f[i].value,35);
                     alertMsg += checkUsername(f[i].name,f[i].value);
                     }
                     else if(f[i].name == 'federaltaxid')
                     {
                     alertMsg += checkLength(f[i].name,f[i].value,10);
                     alertMsg += checkFederalEin(f[i].name,f[i].value);
                     }
                     else if(f[i].name == 'state_license_number')
                     {
                     alertMsg += checkLength(f[i].name,f[i].value,10);
                     alertMsg += checkStateLicenseNumber(f[i].name,f[i].value);
                     }
                     else if(f[i].name == 'npi')
                     {
                     alertMsg += checkLength(f[i].name,f[i].value,35);
                     alertMsg += checkTaxNpiDea(f[i].name,f[i].value);
                     }
                     else if(f[i].name == 'federaldrugid')
                     {
                     alertMsg += checkLength(f[i].name,f[i].value,30);
                     alertMsg += checkAlphaNumeric(f[i].name,f[i].value);
                     }
                     }
                     }
                     if(alertMsg)
                     {
                     alert(alertMsg);
                     return false;
                     }
<?php } ?>
                 //document.forms[0].submit();
         
                 //
                 } else {
                 if (document.forms[0].rumple.value.length<=0)
                 {
                 document.forms[0].rumple.style.backgroundColor="red";
                 alert("<?php xl('Required field missing: Please enter the User Name', 'e'); ?>");
                 document.forms[0].rumple.focus();
                 return false;
                 }
                 if (document.forms[0].stiltskin.value.length<=0)
                 {
                 document.forms[0].stiltskin.style.backgroundColor="red";
                 alert("<?php echo xl('Please enter the password'); ?>");
                 document.forms[0].stiltskin.focus();
                 return false;
                 }
                 if(trimAll(document.getElementById('fname').value) == ""){
                 document.getElementById('fname').style.backgroundColor="red";
                 alert("<?php xl('Required field missing: Please enter the First name', 'e'); ?>");
                 document.getElementById('fname').focus();
                 return false;
                 }
                 if(trimAll(document.getElementById('lname').value) == ""){
                 document.getElementById('lname').style.backgroundColor="red";
                 alert("<?php xl('Required field missing: Please enter the Last name', 'e'); ?>");
                 document.getElementById('lname').focus();
                 return false;
                 }
         
                 alert("post");
                 }*/
                //alert("post");


            }
            function authorized_clicked() {
                var f = document.forms[0];
                f.calendar.disabled = !f.authorized.checked;
                f.calendar.checked = f.authorized.checked;
            }

        </script>

    </head>
    <body class="body_top">
        <div class="borde_normal" style="margin-bottom: 15px;"><span class="historial_paciente" style="font-size: 1.5em;"><?php xl('Add User', 'e'); ?></span></div>
        <form name='new_userf' id='new_userf' method='post'  target="_parent" action="usergroup_admin.php">
            <table border=0>

                <tr><td valign=top>

                        <input type=hidden name=mode id=mode value=new_user>
                        <input type=hidden name=secure_pwd id=secure_pwd value="1">
                        <span class="bold">&nbsp;</span>
                    </td><td>
                        <table border=0 cellpadding=0 cellspacing=0>
                            <tr>
                                <td style="width:150px;"><span class="text"><?php xl('Username', 'e'); ?>: </span></td><td  style="width:220px;"><input type=entry name=rumple id=rumple style="width:120px;"> <span class="mandatory">&nbsp;*</span></td>
                                <td style="width:150px;"><span class="text"><?php xl('Password', 'e'); ?>: </span></td><td style="width:250px;"><input type="entry" style="width:120px;" name=stiltskin id=stiltskin><span class="mandatory">&nbsp;*</span></td>
                            </tr>
                            <tr>
                                <td><span class="text"<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>><?php xl('Groupname', 'e'); ?>: </span></td>
                                <td>
                                    <select name=groupname<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>
                                        <?php
                                        $res = sqlStatement("select distinct name from groups");
                                        $result2 = array();
                                        for ($iter = 0; $row = sqlFetchArray($res); $iter++)
                                            $result2[$iter] = $row;
                                        foreach ($result2 as $iter) {
                                            print "<option value='" . $iter{"name"} . "'>" . $iter{"name"} . "</option>\n";
                                        }
                                        ?>
                                    </select></td>
                                    <td><!--span class="text"><?php xl('Provider', 'e'); ?>: </span--></td><td>
                                    <input type='checkbox' name='authorized' value='1' checked hidden/>

                                    <input type='checkbox' name='calendar' checked hidden/>
                                </td>
                            </tr>
                            <tr>
                                <td><span class="text"><?php xl('First Name', 'e'); ?>: </span></td><td><input type=entry name='fname' id='fname' style="width:120px;"><span class="mandatory">&nbsp;*</span></td>
                                <td><span class="text"><?php xl('Middle Name', 'e'); ?>: </span></td><td><input type=entry name='mname' style="width:120px;"></td>
                            </tr>
                            <tr>
                                <td><span class="text"><?php xl('Last Name', 'e'); ?>: </span></td><td><input type=entry name='lname' id='lname' style="width:120px;"><span class="mandatory">&nbsp;*</span></td>
                                <td><span class="text"><?php xl('Especialidad', 'e'); ?>: </span></td><td><?php echo $select_specialty; ?><span class="mandatory">&nbsp;*</span></td>
                                <td><!--span class="text"><?php xl('Default Facility', 'e'); ?>: </span--></td><td><select style="width:120px;" name=facility_id hidden>
                            <?php
//$fres = sqlStatement("select * from facility where id = 10 order by name");
                            $fres = sqlStatement("select * from facility where id=" . $_SESSION['pc_facility']);
                            if ($fres) {
                                for ($iter = 0; $frow = sqlFetchArray($fres); $iter++)
                                    $result[$iter] = $frow;
                                foreach ($result as $iter) {
                                    ?>
                                                <option value="<?php echo $iter{id}; ?>"><?php echo $iter{name}; ?></option>
        <?php
    }
}
?>
                                    </select></td>
                            </tr>
                            <!--
                            <tr>
                            <td><span class="text"><?php xl('Federal Tax ID', 'e'); ?>: </span></td><td><input type=entry name='federaltaxid' style="width:120px;"></td>
                            <td><span class="text"><?php xl('Federal Drug ID', 'e'); ?>: </span></td><td><input type=entry name='federaldrugid' style="width:120px;"></td>
                            </tr>
                            -->
                            <!--
                            <tr>
                            <td><span class="text"><?php xl('UPIN', 'e'); ?>: </span></td><td><input type="entry" name="upin" style="width:120px;"></td>
                            
                            <td class='text'><?php xl('See Authorizations', 'e'); ?>: </td>
                            <td><select name="see_auth" style="width:120px;">
<?php
foreach (array(1 => xl('None'), 2 => xl('Only Mine'), 3 => xl('All')) as $key => $value) {
    echo " <option value='$key'";
    echo ">$value</option>\n";
}
?>
                            </select></td>
                            -->
                            <!--<tr>
                            <td><span class="text"><?php xl('NPI', 'e'); ?>: </span></td><td><input type="entry" name="npi" style="width:120px;"></td>
                            <td><span class="text"><?php xl('Job Description', 'e'); ?>: </span></td><td><input type="entry" name="specialty" style="width:120px;"></td>
                            </tr>-->

                            <!-- (CHEMED) Calendar UI preference -->
                            <!--
                            <tr>
                            <td><span class="text"><?php xl('Taxonomy', 'e'); ?>: </span></td>
                            <td><input type="entry" name="taxonomy" style="width:120px;" value="207Q00000X"></td>
                            <td><span class="text"><?php //xl('Calendar UI','e'); ?></span></td><td><select name="cal_ui" style="width:120px;" hidden>
                            <?php
                            foreach (array(3 => xl('Outlook'), 1 => xl('Original'), 2 => xl('Fancy')) as $key => $value) {
                                echo " <option value='$key'";
                                if ($key == $iter['cal_ui'])
                                    echo " selected";
                                echo ">$value</option>\n";
                            }
                            ?>
                            </select></td>
                            </tr>
                            -->
                            <!-- END (CHEMED) Calendar UI preference -->

                            <!--
                            <tr>
                            <td><span class="text"><?php xl('State License Number', 'e'); ?>: </span></td>
                            <td><input type="text" name="state_license_number" style="width:120px;"></td>
                            <td class='text'><?php //xl('NewCrop eRX Role','e');  ?></td>
                            <td>
                                        <?php //echo generate_select_list("erxrole", "newcrop_erx_role", $iter['newcrop_user_role'],'','--Select Role--','','','',array('style'=>'width:120px')); ?>  
                            </td>
                            </tr>
                            -->
                            <!--
                                        <?php if ($GLOBALS['inhouse_pharmacy']) { ?>
                                <tr>
                                 <td class="text"><?php xl('Default Warehouse', 'e'); ?>: </td>
                                 <td class='text'>
                                            <?php
                                            echo generate_select_list('default_warehouse', 'warehouse', '', '');
                                            ?>
                                 </td>
                                 <td class="text"><?php xl('Invoice Refno Pool', 'e'); ?>: </td>
                                 <td class='text'>
    <?php
    echo generate_select_list('irnpool', 'irnpool', '', xl('Invoice reference number pool, if used'));
    ?>
                                 </td>
                                </tr>
                            <?php } ?>
                            -->
                            <?php
                            // List the access control groups if phpgacl installed
                            if (isset($phpgacl_location) && acl_check('admin', 'acl')) {
                                ?>
                                <tr>
                                    <td class='text'><?php xl('Access Control', 'e'); ?>:</td>
                                    <td><select name="access_group[]" multiple style="width:120px;">
    <?php
    $list_acl_groups = acl_get_group_title_list();
    $default_acl_group = 'Administrators';
    foreach ($list_acl_groups as $value) {
        if ($default_acl_group == $value) {
            // Modified 6-2009 by BM - Translate group name if applicable
            echo " <option value='$value' selected>" . xl_gacl_group($value) . "</option>\n";
        } else {
            // Modified 6-2009 by BM - Translate group name if applicable
            echo " <option value='$value'>" . xl_gacl_group($value) . "</option>\n";
        }
    }
    ?>
                                        </select></td>
                                    <td><span class="text"><?php xl('Additional Info', 'e'); ?>: </span></td>
                                    <td><textarea name=info style="width:120px;" cols=27 rows=4 wrap=auto></textarea></td>

                                </tr>
                                <tr height="25"><td colspan="4">&nbsp;</td></tr>
                                <?php
                            }
                            ?>

                        </table>
                        <input type="hidden" name="newauthPass" id="newauthPass">
                        <input type="hidden" name="rumple2" id ="rumple2" value=''></input>
                        </form>
                        <br>

                    </td>

                </tr>

                <tr<?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>

                    <td valign=top>
                        <form name='new_group' method='post' action="usergroup_admin.php"
                              onsubmit='return top.restoreSession()'>
                            <br>
                            <input type=hidden name=mode value=new_group>

                            <span class="bold"><?php xl('New Group', 'e'); ?>:</span>
                    </td><td>
                        <span class="text"><?php xl('Groupname', 'e'); ?>: </span><input type=entry name=groupname size=10>
                        &nbsp;&nbsp;&nbsp;
                        <span class="text"><?php xl('Initial User', 'e'); ?>: </span>
                        <select name=rumple>
                            <?php
                            $res = sqlStatement("select distinct username from users where username != ''");
                            for ($iter = 0; $row = sqlFetchArray($res); $iter++)
                                $result[$iter] = $row;
                            foreach ($result as $iter) {
                                print "<option value='" . $iter{"username"} . "'>" . $iter{"username"} . "</option>\n";
                            }
                            ?>
                        </select>
                        &nbsp;&nbsp;&nbsp;
                        <input type="submit" value=<?php xl('Save', 'e'); ?>>
                        </form>
                    </td>

                </tr>

                <tr <?php if ($GLOBALS['disable_non_default_groups']) echo " style='display:none'"; ?>>

                    <td valign=top>
                        <form name='new_group' method='post' action="usergroup_admin.php"
                              onsubmit='return top.restoreSession()'>
                            <input type=hidden name=mode value=new_group>
                            <span class="bold"><?php xl('Add User To Group', 'e'); ?>:</span>
                    </td><td>
                        <span class="text">
<?php xl('User', 'e'); ?>
                            : </span>
                        <select name=rumple>
<?php
$res = sqlStatement("select distinct username from users where username != ''");
for ($iter = 0; $row = sqlFetchArray($res); $iter++)
    $result3[$iter] = $row;
foreach ($result3 as $iter) {
    print "<option value='" . $iter{"username"} . "'>" . $iter{"username"} . "</option>\n";
}
?>
                        </select>
                        &nbsp;&nbsp;&nbsp;
                        <span class="text"><?php xl('Groupname', 'e'); ?>: </span>
                        <select name=groupname>
            <?php
            $res = sqlStatement("select distinct name from groups");
            $result2 = array();
            for ($iter = 0; $row = sqlFetchArray($res); $iter++)
                $result2[$iter] = $row;
            foreach ($result2 as $iter) {
                print "<option value='" . $iter{"name"} . "'>" . $iter{"name"} . "</option>\n";
            }
            ?>
                        </select>
                        &nbsp;&nbsp;&nbsp;
                        <input type="submit" value=<?php xl('Add User To Group', 'e'); ?>>
                        </form>
                    </td>
                </tr>

            </table>

            <div>
                <a class="css_button" name='form_save' id='form_save' href='#' onclick="return submitform()">
                    <span><i style="font-size: 25px;" class="icon-ok"></i> <?php xl('Save', 'e'); ?></span></a>

                <a class="css_button large_button" id='cancel' href='#' onclick='$("#add_new_user").hide();
        $("#config").show();'>
                    <span> <i style="font-size: 25px;" class="icon-reply"></i> <?php xl('Cancel', 'e'); ?></span>
                </a>

            </div>

<?php
if (empty($GLOBALS['disable_non_default_groups'])) {
    $res = sqlStatement("select * from groups order by name");
    for ($iter = 0; $row = sqlFetchArray($res); $iter++)
        $result5[$iter] = $row;

    foreach ($result5 as $iter) {
        $grouplist{$iter{"name"}} .= $iter{"user"} .
                "(<a class='link_submit' href='usergroup_admin.php?mode=delete_group&id=" .
                $iter{"id"} . "' onclick='top.restoreSession()'>Remove</a>), ";
    }

    foreach ($grouplist as $groupname => $list) {
        print "<span class='bold'>" . $groupname . "</span><br>\n<span class='text'>" .
                substr($list, 0, strlen($list) - 2) . "</span><br>\n";
    }
}
?>

            <script language="JavaScript">
<?php
if ($alertmsg = trim($alertmsg)) {
    echo "alert('$alertmsg');\n";
}
?>
                /*$(document).ready(function(){
                 $("#cancel").click(function() {
                 parent.$.fn.fancybox.close();
                 });
     
                 });*/
            </script>
            <table>

            </table>

    </body>
</html>
